Security is of critical importance to modern companies, particularly for companies that have large, sophisticated computer systems such as enterprise resource planning (ERP) software applications and/or other business-critical software applications.
These computer systems can, of course, be or become susceptible to various vulnerabilities. Generally speaking, a vulnerability can be considered to be a flaw in a computer system that might allow an attacker somehow to compromise the computer system. The consequences of such compromises can be severe, and can impact, for example, confidentiality, integrity, and/or availability of the attacked computer system or aspects thereof. Computer system vulnerabilities can be exploited, for example, by executable programs, simple sets of commands or instructions, etc. Once an exploit is available for a particular vulnerability, any computer system that has that particular vulnerability may be under threat.
From time to time, companies that produce ERP and other business-critical software applications (also referred to as business-critical applications), for example, release patches to correct various flaws in those computer systems. Sometimes, implementing a patch can create new vulnerabilities that may be difficult to predict or identify, and, therefore, even more difficult to address.
As used herein, a “business-critical application” (BCA) generally refers to an application that is crucial to keeping a business running. These types of applications can vary from small tools to company-wide systems. These applications can work on clients' services, be provided by third parties, or can be developed internally. Generally speaking, BCAs are critical applications whose interruption could result in financial losses, legal losses, negative publicity for the company, unhappy employees or customers, etc. A BCA may be totally different in different companies or different industries, depending on which system(s) could cause significant damage to a company if problems occur.
Managing system security and identifying/assessing vulnerabilities should be an important part of every company's IT risk management policy, even though it can be quite challenging, particularly for computer systems that experience a great deal of change over time.